Use the EntriesInKeysetOrder field instead of building a local slice …

…of all entries. PiperOrigin-RevId: 621771983
tink-crypto · Apr 4, 2024 · a954cf0 · a954cf0
1 parent e16626b
commit a954cf0
Showing 1 changed file with 4 additions and 12 deletions.
diff --git a/go/streamingaead/decrypt_reader.go b/go/streamingaead/decrypt_reader.go
@@ -18,7 +18,6 @@ import (
 	"errors"
 	"io"
 
-	"github.com/google/tink/go/core/primitiveset"
 	"github.com/google/tink/go/tink"
 )
 
@@ -47,21 +46,14 @@ func (dr *decryptReader) Read(p []byte) (n int, err error) {
 		return 0, errKeyNotFound
 	}
 
-	// For legacy reasons (Tink always encrypted with non-RAW keys) we use all
-	// primitives, even those which have output_prefix_type != RAW.
-	var allEntries []*primitiveset.Entry
-	for _, entryList := range dr.wrapped.ps.Entries {
-		allEntries = append(allEntries, entryList...)
-	}
-	if err != nil {
-		return 0, err
-	}
-
 	dr.matchAttempted = true
 	ur := &unreader{r: dr.cr}
 
 	// find proper key to decrypt ciphertext
-	for _, e := range allEntries {
+	//
+	// For legacy reasons (Tink always encrypted with non-RAW keys) we use all
+	// primitives, even those which have output_prefix_type != RAW.
+	for _, e := range dr.wrapped.ps.EntriesInKeysetOrder {
 		sa, ok := e.Primitive.(tink.StreamingAEAD)
 		if !ok {
 			continue